On Sat, Apr 23, 2011 at 11:28:58AM +0800, microcai wrote:
> On Apr 23, 2011 at 10:55, Josh Triplett wrote:
> > The systemd-nspawn manpage lists the various mechanisms used to isolate
> > the container, and then says "Note that even though these security
> > precautions are taken systemd-nspawn is not suitable for secure
> > container setups. Many of the security features may be circumvented and
> > are hence primarily useful to avoid accidental changes to the host
> > system from the container."
> >
> > How can a process in a systemd-nspawn container circumvent the container
>
> remount /proc and /sys
Ah, good point.  So, root inside the container can trivially circumvent
the container that way.  Any way to prevent that with current kernel
support, or would fixing this require additional kernel changes to lock
down other /proc and /sys mounts?

That particular problem only applies if running code within the
container as root.  How about if running code as an unprivileged user?
With that addition, does systemd-nspawn provide a secure container
(modulo local privilege escalation vulnerabilities)?

Thanks,
Josh Triplett

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
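The thread's point is that the kernel-backed mounts a container sees (/proc, /sys) are only as protective as their current mount flags, and root inside the container can change those flags. The script below is an added audit example, not code from the thread or from systemd: it parses the /proc/self/mountinfo format (field 5 is the mount point, field 6 the per-mountpoint options) and lists any /proc or /sys mount that is not flagged read-only. The sample mountinfo lines are constructed, not captured from a real systemd-nspawn container. Because the flags are a snapshot that a process holding CAP_SYS_ADMIN can remount over, this is a detection aid for an unprivileged workload, not a substitute for the kernel-level lockdown the thread asks about.

```shell
#!/bin/sh
# Audit: list /proc and /sys mounts that are writable from this mount namespace.
# Run inside the container as: writable_kernel_mounts < /proc/self/mountinfo

# Constructed sample in /proc/self/mountinfo format (not from a real nspawn container).
# Fields: id parent major:minor root mountpoint options [optional...] - fstype source superopts
SAMPLE_MOUNTINFO='36 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
37 35 0:15 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
38 37 0:16 / /sys/kernel/debug rw,relatime - debugfs debugfs rw
39 35 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro'

# Reads mountinfo lines on stdin; prints one mount point per line for every
# mount at or below /proc or /sys whose per-mountpoint options lack "ro".
# The per-mountpoint options (field 6) are the ones a remount changes, which
# is why the check looks there rather than at the superblock options.
writable_kernel_mounts() {
    awk '
        $5 == "/proc" || $5 == "/sys" || $5 ~ /^\/proc\// || $5 ~ /^\/sys\// {
            n = split($6, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) print $5
        }'
}

# Demonstration on the constructed sample: /proc and /sys/kernel/debug are
# writable, /sys itself is read-only and is therefore not reported.
printf '%s\n' "$SAMPLE_MOUNTINFO" | writable_kernel_mounts
```

On a live system the same function is fed `/proc/self/mountinfo` from inside the container; an empty result means every /proc and /sys mount currently carries the `ro` flag. A non-empty result is worth investigating even for an unprivileged workload, since writable sysfs and procfs entries are a common path to influencing the host.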